01-17-2012 12:11 PM
Has anyone else encountered the SSLVPN not functioning on a Windows client AFTER installing KB2585542? If we install the update, we can't use SSL VPN with the AnyConnect client until the update is removed.
01-17-2012 02:19 PM
What platform are you connecting to.
On IOS side we're tracking this via:
01-27-2012 07:40 AM
We are connecting to a 1941W router using IOS c1900-universalk9-mz.SPA.152-2.T.bin with AnyConnect version 2.5.3055 and 3.0.5075
01-26-2012 03:19 PM
Yes, we are having the same problem as you LSThreeMIS. The only solution we have found thus far is to uninstall the update. We are still looking into it ourselves to see if we can find an answer that does not involve uninstalling the MS update.
01-27-2012 07:43 AM
Same here, we have WSUS pulling the update if it was already applied, but that seems to have introduced another issue with the PC/Laptop getting stuck while shutting down windows 7. Hopefully this gets resolved soon.
01-31-2012 08:13 PM
So is the problem with the Cisco AnyConnect VPN client or with the IOS? Or is it both the Cisco AnyConnect client and the IOS? We are running AnyConnect 2.5.3055 and IOS 12.4T(24) on one of our ISRs and have not been able to get Windows XP SP3, Vista or WIndows 7 clients using AnyConnect 2.5.3055 to connect when they have the KB2585542 installed.
Does Cisco monitor and respond to these Discussions? If so, a response of some kind would be appreciated!
01-31-2012 09:37 PM
Hi Michael,
The problem is with IOS and there is a defect filed against IOS for that:
The bug id is CSCtx38806
Any of the following workarounds will work: 1)Use the clientless portal to start the client- this only works in some versions of IOS. 2)Uninstall the update 3) Use rc4 - is a less secure encryption option, if this meets your security needs, then you may use it as following: webvpn gatewayssl encryption rc4-md5 4) use AC 2.5.3046 or 3.0.3054 for anyconnect For anyconnect users, the user error message is : "Connection attempt has failed due to server communication errors. Please retry the connection" The anyconnect event log will show the following error message snippet: Function: ConnectIfc::connect Invoked Function: ConnectIfc::handleRedirects Description: CONNECTIFC_ERROR_HTTP_MAX_REDIRS_EXCEEDED
02-01-2012 01:58 PM
So this isn't an issue if you're running ASAs for VPN, right?
02-01-2012 10:33 PM
on ASA for the majority, there are no issues, but some isolate incidents have been seen.
This tracked using the defect:
Are you seeing any issues with ASA ?
02-01-2012 10:17 AM
Thank you Thomas, this has helped us to get our users connected using the AnyConnect Client (2.5.3046), however we now find that users cannot connect to the website on the router. Do you know where I can find out what version of the IOS we can run so that our users can connect to the web site of the router?
We have confirmed that it is the KB2585542 update that is preventing our users from connecting to the web site by removing the update and trying to connect.
02-01-2012 10:34 PM
Hi Michael,
unfortunately on IOS, the defect is not resolved yet, so only the workarounds will work.
04-05-2012 12:54 PM
I have tried the interim release of 8-4-3.9 for the ASA and while the symptoms are not the same, the end results is that I still cannot obtain the desired page.
Regards.
Yvon
04-05-2012 11:35 PM
Hi Yvon,
Does disabling the KB fix resolve the problem even with ASA 8.4.3.9 ?
without looking at the ssl stream with private key exported and the ASA debugs/logs, its hard to say its a new issues.
It would be best to open a TAC case so that this can be further analyzed and new bug opened if this is a new defect.
Tom
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide